CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-50036 – net: do not delay dst_entries_add() in dst_release()
https://notcve.org/view.php?id=CVE-2024-50036
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: do not delay dst_entries_add() in dst_release() dst_entries_add() uses per-cpu data that might be freed at netns dismantle from ip6_route_net_exit() calling dst_entries_destroy() Before ip6_route_net_exit() can be called, we release all the dsts associated with this netns, via calls to dst_release(), which waits an rcu grace period before calling dst_destroy() dst_entries_add() use in dst_destroy() is racy, because dst_entries_d... • https://git.kernel.org/stable/c/f88649721268999bdff09777847080a52004f691 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50035 – ppp: fix ppp_async_encode() illegal access
https://notcve.org/view.php?id=CVE-2024-50035
21 Oct 2024 — BUG: KMSAN: uninit-value in ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline] BUG: KMSAN: uninit-value in ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675 ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline] ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675 ppp_async_send+0x130/0x1b0 drivers/net/ppp/ppp_async.c:634 ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2280 [inline] ppp_input+0x1f1/0xe60 drivers/net/ppp/ppp_generic.c:2304 pppoe_rcv_core+0x1d3/0x720 drivers/... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50034 – net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC
https://notcve.org/view.php?id=CVE-2024-50034
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC Eric report a panic on IPPROTO_SMC, and give the facts that when INET_PROTOSW_ICSK was set, icsk->icsk_sync_mss must be set too. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC Eric report a panic on IPPROTO_SMC, and give the facts that when INET_PROTOSW_ICSK was set, icsk->icsk_sync_mss must be set too. • https://git.kernel.org/stable/c/d25a92ccae6bed02327b63d138e12e7806830f78 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50033 – slip: make slhc_remember() more robust against malicious packets
https://notcve.org/view.php?id=CVE-2024-50033
21 Oct 2024 — [1] BUG: KMSAN: uninit-value in slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666 slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666 ppp_receive_nonmp_frame+0xe45/0x35e0 drivers/net/ppp/ppp_generic.c:2455 ppp_receive_frame drivers/net/ppp/ppp_generic.c:2372 [inline] ppp_do_recv+0x65f/0x40d0 drivers/net/ppp/ppp_generic.c:2212 ppp_input+0x7dc/0xe60 drivers/net/ppp/ppp_generic.c:2327 pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379 sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113 __release_sock+... • https://git.kernel.org/stable/c/b5451d783ade99308dfccdf5ca284ed07affa4ff •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50032 – rcu/nocb: Fix rcuog wake-up from offline softirq
https://notcve.org/view.php?id=CVE-2024-50032
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix rcuog wake-up from offline softirq After a CPU has set itself offline and before it eventually calls rcutree_report_cpu_dead(), there are still opportunities for callbacks to be enqueued, for example from a softirq. In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix rcuog wake-up from offline softirq After a CPU has set itself offline and before it eventually calls rcutree_report_cp... • https://git.kernel.org/stable/c/9b52ee18f6d2f0e845b0dd5ba35edc02ba318827 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50031 – drm/v3d: Stop the active perfmon before being destroyed
https://notcve.org/view.php?id=CVE-2024-50031
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Stop the active perfmon before being destroyed When running `kmscube` with one or more performance monitors enabled via `GALLIUM_HUD`, the following kernel panic can occur: [ 55.008324] Unable to handle kernel paging request at virtual address 00000000052004a4 [ 55.008368] Mem abort info: [ 55.008377] ESR = 0x0000000096000005 [ 55.008387] EC = 0x25: DABT (current EL), IL = 32 bits [ 55.008402] SET = 0, FnV = 0 [ 55.008412] E... • https://git.kernel.org/stable/c/26a4dc29b74a137f45665089f6d3d633fcc9b662 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50030 – drm/xe/ct: prevent UAF in send_recv()
https://notcve.org/view.php?id=CVE-2024-50030
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/ct: prevent UAF in send_recv() Ensure we serialize with completion side to prevent UAF with fence going out of scope on the stack, since we have no clue if it will fire after the timeout before we can erase from the xa. ... (cherry picked from commit 52789ce35c55ccd30c4b67b9cc5b2af55e0122ea) In the Linux kernel, the following vulnerability has been resolved: drm/xe/ct: prevent UAF in send_recv() Ensure we serialize with... • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50029 – Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync
https://notcve.org/view.php?id=CVE-2024-50029
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync This checks if the ACL connection remains valid as it could be destroyed while hci_enhanced_setup_sync is pending on cmd_sync leading to the following trace: BUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60 Read of size 1 at addr ffff888002328ffd by task kworker/u5:2/37 CPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #709... • https://git.kernel.org/stable/c/e07a06b4eb417f5271d33ce2240e93c62d98b7b4 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50028 – thermal: core: Reference count the zone in thermal_zone_get_by_id()
https://notcve.org/view.php?id=CVE-2024-50028
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal: core: Reference count the zone in thermal_zone_get_by_id() There are places in the thermal netlink code where nothing prevents the thermal zone object from going away while being accessed after it has been returned by thermal_zone_get_by_id(). In the Linux kernel, the following vulnerability has been resolved: thermal: core: Reference count the zone in thermal_zone_get_by_id() There are places in the thermal netlink c... • https://git.kernel.org/stable/c/1ce50e7d408ef2bdc8ca021363fd46d1b8bfad00 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50027 – thermal: core: Free tzp copy along with the thermal zone
https://notcve.org/view.php?id=CVE-2024-50027
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal: core: Free tzp copy along with the thermal zone The object pointed to by tz->tzp may still be accessed after being freed in thermal_zone_device_unregister(), so move the freeing of it to the point after the removal completion has been completed at which it cannot be accessed any more. In the Linux kernel, the following vulnerability has been resolved: thermal: core: Free tzp copy along with the thermal zone The object... • https://git.kernel.org/stable/c/3d439b1a2ad36c8b4ea151c8de25309d60d17407 •